Control: retitle -1 patch: CVE-2015-1196: directory traversal via symlinks
Hi,
This has been assigned CVE-2015-1196 by MITRE.
Regards,
Salvatore
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Package: patch
Version: 2.7.1-6
Tags: security
patch now support git-style patches, which allows creating symlinks.
This feature can be abused for directory traversal. As a proof of
concept, applying the attached patch creates a file in /tmp:
$ ls /tmp/moo
/bin/ls: cannot access /tmp/moo: No
2 matches
Mail list logo
